diff --git a/.vscode/extensions.json b/.vscode/extensions.json
deleted file mode 100644
index f23caea..0000000
--- a/.vscode/extensions.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "recommendations": [
- "editorconfig.editorconfig",
- "kamadorueda.alejandra",
- "jnoortheen.nix-ide",
- "mkhl.direnv",
- ]
-}
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index 9197699..0000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "files.exclude": {
- // defaults
- "**/.git": true,
- "**/.svn": true,
- "**/.hg": true,
- "**/CVS": true,
- "**/.DS_Store": true,
- "**/Thumbs.db": true,
- // extras
- "**/.direnv": true,
- }
-}
\ No newline at end of file
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
deleted file mode 100644
index 0729317..0000000
--- a/.vscode/tasks.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "version": "2.0.0",
- "tasks": [
- {
- "label": "flake upgrade",
- "type": "shell",
- "command": "tmux new -s flake-update .vscode/upgrade.sh",
- "problemMatcher": []
- }
- ]
-}
\ No newline at end of file
diff --git a/.vscode/upgrade.sh b/.vscode/upgrade.sh
deleted file mode 100755
index f3ecb90..0000000
--- a/.vscode/upgrade.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-# error handler
-handle_error() {
- echo "Upgrade failed."
- read -p "Press Enter to exit..."
- exit 1
-}
-
-# stop on error
-set -euxo pipefail
-
-# trap any errors and call handle_error
-trap 'handle_error "$BASH_COMMAND"' ERR
-
-# update lock file
-nix flake update
-
-# update systems
-sudo nixos-rebuild switch -L --flake .#silicium
-nixos-rebuild switch -L --flake .#cesium --target-host cesium
-
-# commit and push lock file
-git add flake.lock
-git commit -m "⬆️ nix flake update"
-git push
-
-echo "Upgrade successful"
diff --git a/flake.nix b/flake.nix
index bd5c198..0fbd372 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,9 +1,6 @@ { description = "Laureηt's infrastructure"; - # TODO: luks encrypt cesium (dropbear ?) - # TODO: setup disko sur silicium - inputs = { # core stuff nixpkgs = { diff --git a/home/shell/git.nix b/home/shell/git.nix index ae0fae8..d90989b 100644 --- a/home/shell/git.nix +++ b/home/shell/git.nix @@ -2,7 +2,6 @@ sign_key = { "aurum" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItSJTtS7tO0Wz/WgHAFb3xuNFZpm8SOvr/o8uR83zzy laurent@aurum"; - "silicium" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium"; } ."${osConfig.networking.hostName}"; in { diff --git a/hosts/aurum/system/impermanence/default.nix b/hosts/aurum/system/impermanence/default.nix index 3d86a47..0cb8ebd 100644 --- a/hosts/aurum/system/impermanence/default.nix +++ b/hosts/aurum/system/impermanence/default.nix @@ -12,7 +12,7 @@ files = [ "/etc/machine-id" ]; - # TODO: move this into home config, when silicium has impermanence too + # TODO: move this into home config users.laurent = { directories = [ "Documents" diff --git a/hosts/cesium/system/users/default.nix b/hosts/cesium/system/users/default.nix index 6c5d8cf..21a8595 100644 --- a/hosts/cesium/system/users/default.nix +++ b/hosts/cesium/system/users/default.nix @@ -1,7 +1,7 @@ {...}: { users.mutableUsers = false; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium" # TODO: remove this "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItSJTtS7tO0Wz/WgHAFb3xuNFZpm8SOvr/o8uR83zzy laurent@aurum" ]; } diff --git a/hosts/default.nix b/hosts/default.nix index 4ba3a07..a192223 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
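Review bot: In hosts/cesium/system/users/default.nix the `laurent@silicium` key stays in `users.users.root.openssh.authorizedKeys.keys` with only a `# TODO: remove this` marker, although this same commit deletes the silicium host definition. While that entry is deployed, whoever holds the matching private key can still log in as root on cesium, so if the laptop is being retired the line should be deleted here rather than deferred. If it is kept on purpose for a transition period, the comment should state the condition under which it goes away instead of a bare TODO. The same TODO is attached to the `silicium` binding in secrets/secrets.nix.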
@@ -14,25 +14,6 @@ in { # desktop would be neon # smartphone would be lithium - # personal laptop - silicium = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit inputs; - }; - modules = [ - ./silicium - inputs.home-manager.nixosModules.home-manager - inputs.agenix.nixosModules.default - inputs.lanzaboote.nixosModules.lanzaboote - inputs.nixos-hardware.nixosModules.common-cpu-amd - inputs.nixos-hardware.nixosModules.common-gpu-nvidia-disable - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - {inherit home-manager;} - ]; - }; - # work laptop aurum = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/hosts/silicium/default.nix b/hosts/silicium/default.nix deleted file mode 100644 index ee1338d..0000000 --- a/hosts/silicium/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{pkgs, ...}: { - imports = [ - ./system - ./services - ]; - - # shorter timeout for systemd services - systemd.extraConfig = '' - DefaultTimeoutStopSec=10s - ''; - - services.dbus.enable = true; - xdg.portal = { - enable = true; - wlr.enable = true; - - config = { - common.default = ["wlr" "gtk"]; - hyprland.default = ["hyprland"]; - }; - extraPortals = [ - pkgs.xdg-desktop-portal-gtk - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-hyprland - ]; - }; - - # enable gnome virtual file system - services.gvfs.enable = true; -} diff --git a/hosts/silicium/services/borgbackup/default.nix b/hosts/silicium/services/borgbackup/default.nix deleted file mode 100644 index 85cdde1..0000000 --- a/hosts/silicium/services/borgbackup/default.nix +++ /dev/null 
@@ -1,46 +0,0 @@
-{config, ...}: {
- services.borgbackup.jobs.home = {
- paths = "/home/laurent/";
- repo = "/mnt/home_backup";
- exclude = [
- # Largest cache dirs
- ".cache"
- ".compose-cache"
- "*/cache"
- "*/cache2" # firefox
- "*/Cache"
- "*/Code Cache"
- "*/blob_storage"
- ".config/Slack/logs"
- ".config/Code/CachedData"
- ".container-diff"
- ".npm/_cacache"
- # Work related dirs
- "*/node_modules"
- "*/bower_components"
- "*/build"
- "*/_build"
- "*/.tox"
- "*/venv"
- "*/.venv"
- "*/.direnv"
- ];
- encryption = {
- mode = "repokey";
- passCommand = "cat ${config.age.secrets.borgbackup.path}";
- };
- compression = "auto,zstd";
- startAt = [];
- };
- services.borgbackup.jobs.keepass = {
- paths = "/home/laurent/Documents/db_mdp.kdbx";
- repo = "ssh://root@fainsin.bzh:624/srv/backup/keepass";
- user = "laurent";
- encryption = {
- mode = "repokey";
- passCommand = "cat ${config.age.secrets.borgbackup.path}";
- };
- compression = "auto,zstd";
- startAt = "12:00";
- };
-}
diff --git a/hosts/silicium/services/default.nix b/hosts/silicium/services/default.nix
deleted file mode 100644
index e307211..0000000
--- a/hosts/silicium/services/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{...}: {
- imports = [
- ./borgbackup
- ./greetd
- ];
-}
diff --git a/hosts/silicium/services/greetd/default.nix b/hosts/silicium/services/greetd/default.nix
deleted file mode 100644
index f0b67ca..0000000
--- a/hosts/silicium/services/greetd/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{pkgs, ...}: {
- services.greetd = {
- enable = true;
-
- settings = {
- default_session = {
- command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.hyprland}/bin/Hyprland";
- user = "greeter";
- };
- };
- };
-}
diff --git a/hosts/silicium/system/adb/default.nix b/hosts/silicium/system/adb/default.nix
deleted file mode 100644
index 01fbd94..0000000
--- a/hosts/silicium/system/adb/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{pkgs, ...}: {
- # udev rules
- services.udev.packages = [pkgs.android-udev-rules];
-
- # adb users
- users.users.laurent.extraGroups = ["adbusers"];
-}
diff --git a/hosts/silicium/system/age/default.nix b/hosts/silicium/system/age/default.nix
deleted file mode 100644
index 0fc4b42..0000000
--- a/hosts/silicium/system/age/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{...}: {
- age.secrets.borgbackup = {
- file = ../../../../secrets/borgbackup.age;
- owner = "laurent";
- group = "users";
- };
- age.identityPaths = ["/home/laurent/.ssh/id_ed25519"];
-}
diff --git a/hosts/silicium/system/audio/default.nix b/hosts/silicium/system/audio/default.nix
deleted file mode 100644
index e04ca2b..0000000
--- a/hosts/silicium/system/audio/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{...}: {
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- pulse.enable = true;
- };
-}
diff --git a/hosts/silicium/system/boot/default.nix b/hosts/silicium/system/boot/default.nix
deleted file mode 100644
index cd2e97d..0000000
--- a/hosts/silicium/system/boot/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: {
- # support for mounting windaube partitions
- boot.supportedFilesystems = ["ntfs"];
- boot.loader.efi.canTouchEfiVariables = true;
-
- # clean /tmp at each boot
- boot.tmp.cleanOnBoot = true;
-
- # use latest kernel
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- imports = [
- ./lanzaboot.nix
- ];
-
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-amd" "v4l2loopback"];
- boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
-}
diff --git a/hosts/silicium/system/boot/lanzaboot.nix b/hosts/silicium/system/boot/lanzaboot.nix
deleted file mode 100644
index 72dd6e0..0000000
--- a/hosts/silicium/system/boot/lanzaboot.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{lib, ...}: {
- # This should already be here from switching to bootspec earlier.
- # It's not required anymore, but also doesn't do any harm.
- boot.bootspec.enable = true;
-
- # Lanzaboote currently replaces the systemd-boot module.
- # This setting is usually set to true in configuration.nix
- # generated at installation time. So we force it to false
- # for now.
- boot.loader.systemd-boot.enable = lib.mkForce false;
-
- boot.lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- };
-}
diff --git a/hosts/silicium/system/default.nix b/hosts/silicium/system/default.nix
deleted file mode 100644
index e8ef07b..0000000
--- a/hosts/silicium/system/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{...}: {
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-
- imports = [
- ./adb
- ./age
- ./audio
- ./boot
- ./docker
- ./fonts
- ./hardware
- ./i18n
- ./networking
- ./nix
- ./security
- ./users
- ];
-}
diff --git a/hosts/silicium/system/docker/default.nix b/hosts/silicium/system/docker/default.nix
deleted file mode 100644
index f94fbc4..0000000
--- a/hosts/silicium/system/docker/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{...}: {
- virtualisation.docker = {
- enable = true;
-
- storageDriver = "btrfs";
- enableOnBoot = false;
- autoPrune.enable = true;
- };
-
- # docker users
- users.users.laurent.extraGroups = ["docker"];
-}
diff --git a/hosts/silicium/system/fonts/default.nix b/hosts/silicium/system/fonts/default.nix
deleted file mode 100644
index 57362a4..0000000
--- a/hosts/silicium/system/fonts/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{pkgs, ...}: {
- fonts.packages = with pkgs; [
- # https://notofonts.github.io/
- noto-fonts # standard characters
- noto-fonts-lgc-plus # latin, greek, and cyrillic
- noto-fonts-cjk # chinese, japanese, and korean
- noto-fonts-emoji # emojis 🐢
-
- # https://github.com/tonsky/FiraCode
- fira-code # standard characters
- fira-code-symbols # unicode ligature glyphs
-
- # https://github.com/ryanoasis/nerd-fonts
- (nerdfonts.override {fonts = ["FiraCode"];})
- ];
-}
diff --git a/hosts/silicium/system/hardware/default.nix b/hosts/silicium/system/hardware/default.nix
deleted file mode 100644
index d8d7518..0000000
--- a/hosts/silicium/system/hardware/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{...}: {
- # hardware
- hardware = {
- enableRedistributableFirmware = true;
- graphics.enable = true;
- };
-
- # logind configuration
- services.logind = {
- lidSwitch = "ignore";
- extraConfig = ''
- HandlePowerKey=suspend
- '';
- };
-
- # tlp, power management
- services.tlp.enable = true;
-
- # thermald, controls temperature
- services.thermald.enable = true;
-
- # bluetooth
- hardware.bluetooth.enable = true;
- services.blueman.enable = true;
-
- # backlight intensity
- programs.light.enable = true;
-
- # partitions and filesystems
- imports = [
- ./partitions.nix
- ];
-}
diff --git a/hosts/silicium/system/hardware/partitions.nix b/hosts/silicium/system/hardware/partitions.nix
deleted file mode 100644
index 7f31605..0000000
--- a/hosts/silicium/system/hardware/partitions.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- ...
-}: {
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/b0ea5f1f-104f-4026-840a-4d46f3e827d1";
- fsType = "btrfs";
- options = ["subvol=nixos"];
- };
-
- boot.initrd.luks.devices."nixenc".device = "/dev/disk/by-uuid/93d0b0d8-b586-48cf-acc2-025fba1eaadb";
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/6D10-BBAF";
- fsType = "vfat";
- };
-
- swapDevices = [];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/silicium/system/i18n/default.nix b/hosts/silicium/system/i18n/default.nix
deleted file mode 100644
index 90f1921..0000000
--- a/hosts/silicium/system/i18n/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{...}: {
- # FRANCE 🇫🇷 🥖 🥐
- time.timeZone = "Europe/Paris";
-
- # azerty keyboard
- console.keyMap = "fr";
-
- # english ISO metric system
- i18n.defaultLocale = "en_DK.UTF-8";
-}
diff --git a/hosts/silicium/system/networking/default.nix b/hosts/silicium/system/networking/default.nix
deleted file mode 100644
index 2b7873e..0000000
--- a/hosts/silicium/system/networking/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{...}: {
- networking = {
- # the name of the machine
- hostName = "silicium";
-
- # domain name servers, use clouflare family
- nameservers = ["1.1.1.2" "1.0.0.2"];
-
- # use networkManager, see nmcli
- networkmanager.enable = true;
-
- # firewall
- firewall.enable = true;
-
- # https://github.com/StevenBlack/hosts
- stevenblack.enable = true;
- };
-}
diff --git a/hosts/silicium/system/nix/default.nix b/hosts/silicium/system/nix/default.nix
deleted file mode 100644
index de89db3..0000000
--- a/hosts/silicium/system/nix/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- lib,
- pkgs,
- inputs,
- ...
-}: {
- # restrict nix command to sudoers
- nix.settings.allowed-users = ["root" "@wheel"];
- nix.settings.trusted-users = ["root" "@wheel"];
-
- # experimental features
- nix.settings.experimental-features = ["nix-command" "flakes"];
-
- # limit number of cores when building
- nix.settings.max-jobs = 6;
-
- # optimizations
- nix.settings.auto-optimise-store = true;
- nix.optimise = {
- automatic = true;
- dates = ["12:00"];
- };
-
- # garbage collection
- nix.gc = {
- automatic = true;
- dates = "12:00";
- options = "--delete-older-than 30d";
- };
-
- # pin nixpkgs registry
- nix.registry.nixpkgs.flake = inputs.nixpkgs;
-
- # list of allowed unfree packages
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "vscode"
- "vscode-extension-github-copilot"
- "vscode-extension-github-copilot-chat"
- ];
-
- # print diff between two generations
- system.activationScripts.nvd-report-changes = ''
- PATH=$PATH:${lib.makeBinPath [pkgs.nvd pkgs.nix]}
- nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
- '';
-}
diff --git a/hosts/silicium/system/security/default.nix b/hosts/silicium/system/security/default.nix
deleted file mode 100644
index 2cee319..0000000
--- a/hosts/silicium/system/security/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{pkgs, ...}: {
- # enable polkit
- security.polkit.enable = true;
-
- # enable gpg agent
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-gnome3;
- };
-
- # secrets keyring
- services.gnome.gnome-keyring.enable = true;
-
- # allow swaylock to use pam
- security.pam.services.swaylock = {};
-}
diff --git a/hosts/silicium/system/users/default.nix b/hosts/silicium/system/users/default.nix
deleted file mode 100644
index c7b96a7..0000000
--- a/hosts/silicium/system/users/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@ -{...}: { - # disable user creation/deletion - users.mutableUsers = false; - - # configure users - users = { - users.laurent = { - isNormalUser = true; - initialPassword = "laurent"; - extraGroups = ["wheel" "video"]; - }; - }; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1cef618..1a2f29c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,5 @@ let - silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium"; + silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium"; # TODO: remove this cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVxpWbNJl+OXe6YImMpsJprfuTd+9UJVTiteiuyx6oP root@cesium"; in { "borgbackup.age".publicKeys = [silicium];
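Review bot: In secrets/secrets.nix, `"borgbackup.age".publicKeys = [silicium];` still names the removed host as the only recipient visible in this hunk, so after this commit no remaining host configuration shown here can decrypt that secret, and the silicium key still can. Either delete the `borgbackup.age` entry together with the `silicium` binding, or change the recipient list to a host that still needs the passphrase and re-encrypt it with `agenix --rekey`. If custody of the old laptop key is uncertain, rotating the borg passphrase is safer than rekeying alone, since earlier revisions of the `.age` file stay decryptable with that key. The attribute set opened by `in {` continues outside the hunk, so other secrets may reference `silicium` as well.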